Buying a CCE Standard/Turbo Cluster_Cloud Container Engine

Precautions

After a cluster is created, the following items cannot be changed:
- Cluster type
- Number of master nodes in the cluster
- AZ of a master node
- Network configurations of the cluster, such as the VPC, subnet, Service CIDR block, IPv6 settings, and kube-proxy (service forwarding) settings
- Network model. For example, change Tunnel network to VPC network.

Step 1: Log In to the CCE Console

Log in to the CCE console.
On the Clusters page, click Buy Cluster in the upper right corner.

Step 2: Configure the Cluster

On the Buy Cluster page, configure the parameters.

Basic Settings

Parameter	Description
Type	Select CCE Standard Cluster or CCE Turbo Cluster as required. CCE standard clusters provide highly reliable and secure containers for commercial use. CCE Turbo clusters use the high-performance cloud native network. Such clusters provide cloud native hybrid scheduling, achieving higher resource utilization and wider scenario coverage. For more details, see cluster types.
Billing Mode	Select a billing mode for the cluster as required. Yearly/Monthly: a prepaid billing mode. Resources will be billed based on the service duration. This cost-effective mode is ideal when the duration of resource usage is predictable. If you choose this billing mode, configure the required duration and determine whether to automatically renew the subscription. (If you purchase a monthly subscription, the automatic renewal period is one month. If you purchase a yearly subscription, the automatic renewal period is one year.) Pay-per-use: a postpaid billing mode. It is suitable in scenarios where resources will be billed based on usage frequency and duration. You can provision or delete resources at any time.
Cluster Name	Enter a cluster name. Cluster names under the same account must be unique.
Enterprise Project	This parameter is available only for enterprise users who have enabled an enterprise project. After an enterprise project is selected, clusters and their security groups will be created in that project. To manage clusters and other resources like nodes, load balancers, and node security groups, you can use the Enterprise Project Management Service (EPS). For more details, see Enterprise Management.
Cluster Version	Select the Kubernetes version used by the cluster.
Cluster Scale	Select a cluster scale for your cluster as required. These values specify the maximum number of nodes that can be managed by the cluster. The newly created cluster only supports scaling out. For details, see Changing Cluster Scale.
Master Nodes	Select the number of master nodes. The master nodes are automatically hosted by CCE and deployed with Kubernetes cluster management components such as kube-apiserver, kube-controller-manager, and kube-scheduler. 3 Masters: Three master nodes will be created for high cluster availability. Single: Only one master node will be created in your cluster. NOTE: If more than half of the master nodes in a cluster are faulty, the cluster will not run properly. You can also select AZs for deploying the master nodes of a specific cluster. By default, AZs are allocated automatically for the master nodes. Automatic: Master nodes are randomly distributed in different AZs for cluster DR. If the number of available AZs is less than the number of nodes to be created, CCE will create the nodes in the AZs with sufficient resources to preferentially ensure cluster creation. In this case, AZ-level DR may not be ensured. Custom: Master nodes are deployed in specific AZs. If there is one master node in your cluster, you can select one AZ for the master node. If there are multiple master nodes in your cluster, you can select multiple AZs for the master nodes. AZ: Master nodes are deployed in different AZs for cluster DR. Host: Master nodes are deployed on different hosts in the same AZ for cluster DR. Custom: Master nodes are deployed in the AZs you specified.

Network Settings

The network settings cover nodes, containers, and Services. For details about the cluster networking and container network models, see Overview.

**Table 1** Network settings
Parameter	Description
VPC	Select the VPC to which the cluster belongs. If no VPC is available, click Create VPC to create one. The value cannot be changed after the cluster is created.
Node Subnet	Select the subnet to which the master nodes belong. If no subnet is available, click Create Subnet to create one. The value cannot be changed after the cluster is created.
Default Node Security Group	Select the security group automatically generated by CCE or use the existing one as the default security group of the node. NOTICE: The default security group must allow traffic from certain ports to ensure normal communication. Otherwise, the node cannot be created. For details, see How Can I Configure a Security Group Rule in a Cluster?
IPv6	If enabled, cluster resources, including nodes and workloads, can be accessed through IPv6 CIDR blocks. The IPv4/IPv6 dual stack is available for the CCE standard clusters (v1.15 and later) that use the container tunnel networks and later will be generally available for clusters of v1.23. CCE Turbo clusters of v1.23.8-r0, v1.25.3-r0, and later versions support IPv4/IPv6 dual stack. IPv4/IPv6 dual stack is not supported by clusters using the VPC networks. For details, see Creating an IPv4/IPv6 Dual-Stack Cluster in CCE.

**Table 2** Network settings
Parameter	Description
Network Model	Select VPC network or Tunnel network for your CCE standard cluster. Select Cloud Native Network 2.0 for your CCE Turbo cluster. For more information about their differences, see Overview.
Container CIDR Block	Specify the CIDR block for containers, which determines the maximum number of containers allowed in the cluster. This parameter is available only for CCE standard clusters. Multiple container CIDR blocks can be added to the VPC network after the cluster is created. For details, see Adding a Container CIDR Block for a Cluster.
Pod Subnet	Select the subnet to which the pod belongs. If no subnet is available, click Create Subnet to create one. This parameter is available only for CCE Turbo clusters. The pod subnet determines the maximum number of containers in a cluster. You can add pod subnets after a cluster is created.
Default Security Group	Select the security group automatically generated by CCE or use the existing one as the default security group of the containers. NOTICE: The default security group of containers must allow access from specified ports to ensure proper communication between containers in the cluster. For details about how to configure security group ports, see How Can I Configure a Security Group Rule in a Cluster?

**Table 3** Service network
Parameter	Description
Service CIDR Block	Configure the Service CIDR blocks for containers in the same cluster to access each other. The value determines the maximum number of Services you can create. The value cannot be changed after the cluster is created.
Request Forwarding	Select IPVS or iptables for your cluster. For details, see Comparing iptables and IPVS. iptables is the traditional kube-proxy mode. This mode applies to the scenario where the number of Services is small or a large number of short connections are concurrently sent on the client. IPv6 clusters do not support iptables. IPVS allows higher throughput and faster forwarding. This mode applies to scenarios where the cluster scale is large or the number of Services is large.
IPv6 Service CIDR Block	Configure this parameter only when IPv6 dual stack is enabled for a CCE Turbo cluster. This configuration cannot be modified after the cluster is created.

(Optional) Advanced Settings

Parameter	Description
IAM Authentication	CCE clusters support IAM authentication. You can call IAM authenticated APIs to access CCE clusters.
Certificate Authentication	If Automatically generated is selected, the X509-based authentication mode will be enabled by default. X509 is a commonly used certificate format. If Bring your own is selected, the cluster can identify users based on the header in the request body for authentication. Upload your CA root certificate, client certificate, and private key. CAUTION: Upload a file smaller than 1 MB. The CA certificate and client certificate can be in .crt or .cer format. The private key of the client certificate can only be uploaded unencrypted. The validity period of the client certificate must be longer than five years. The uploaded CA root certificate is used by the authentication proxy and for configuring the kube-apiserver aggregation layer. If any of the uploaded certificates is invalid, the cluster cannot be created. Starting from v1.25, Kubernetes no longer supports certificate authentication generated using the SHA1WithRSA or ECDSAWithSHA1 algorithm. The certificate authentication generated using the SHA256 algorithm is supported instead.
CPU Management	If enabled, exclusive CPU cores can be allocated to workload pods. For details, see CPU Policy.
Overload Control	After this function is enabled, concurrent requests will be dynamically controlled based on the resource demands received by master nodes to ensure the stable running of the master nodes and the cluster. For details, see Enabling Overload Control for a Cluster.
Distributed Cloud (HomeZone/CloudPond)	If enabled, the cluster can centrally manage data center and edge computing resources. This allows you to deploy containers in proper regions based on service requirements. This function is supported by CCE Turbo clusters only, and you need to register an edge site beforehand. For details, see Using Distributed Cloud Resources in a CCE Turbo Cluster.
Cluster Deletion Protection	A measure taken to prevent accidental deletion of clusters through the console or APIs. After this function is enabled, you will not be able to delete or unsubscribe from clusters on CCE. You can modify the function status in the cluster Settings after creating it.
Time Zone	The cluster's scheduled tasks and nodes are subject to the chosen time zone.
Resource Tag	You can add resource tags to classify resources. A maximum of 20 resource tags can be added. NOTE: If your account belongs to an organization and the organization has configured with CCE tag policies, you need to add tags to the cluster based on these policies. If a tag does not comply with the tag policies, cluster creation may fail. Contact your administrator to learn more about tag policies. You can create predefined tags on the TMS console. The predefined tags are available to all resources that support tags. You can use these tags to improve the tag creation and resource migration efficiency. For details, see Creating Predefined Tags. A tag key can have a maximum of 128 characters, including letters, digits, spaces, and special characters (-_.:=+@). It cannot start or end with a space, or start with _sys_. The key cannot be empty. A tag value can have a maximum of 255 characters. It can only contain letters, digits, spaces, and special characters (-_.:/=+@). The value can be empty.
Description	You can enter description for the cluster. A maximum of 200 characters are allowed.

Step 3: Select Add-ons

Click Next: Select Add-on. On the page displayed, select the add-ons to be installed during cluster creation.

Basic capabilities

Add-on Name	Description
CCE Container Network (Yangtse CNI)	This is the basic cluster add-on. It provides network connectivity, Internet access, and security isolation for pods in your cluster.
CCE Container Storage (Everest)	This add-on (CCE Container Storage (Everest)) is installed by default. It is a cloud native container storage system based on CSI and supports cloud storage services such as EVS.
CoreDNS	This add-on (CoreDNS) is installed by default. It provides DNS resolution for your cluster and can be used to access the in-cloud DNS server.
NodeLocal DNSCache	(Optional) If selected, this add-on (NodeLocal DNSCache) will be automatically installed. NodeLocal DNSCache improves cluster DNS performance by running a DNS caching agent on cluster nodes.
Volcano Scheduler	(Optional) After you select this option, CCE will automatically install Volcano Scheduler and set the default scheduler of the cluster to Volcano. This will enable you to access advanced scheduling capabilities for batch computing and high-performance computing.
CCE Cloud Bursting Engine for CCI	(Optional) After you select this option, CCE will automatically install CCE Cloud Bursting Engine for CCI. When there is a sudden increase in workload, the pods deployed on CCE will be dynamically created on CCI to handle the increased load.

Observability

Add-on Name	Description
Cloud Native Cluster Monitoring	(Optional) If selected, this add-on (Cloud Native Cluster Monitoring) will be automatically installed. Cloud Native Cluster Monitoring collects monitoring metrics for your cluster and reports the metrics to AOM. The agent mode does not support HPA based on custom Prometheus statements. If related functions are required, install this add-on manually after the cluster is created. Collecting basic metrics is free of charge. Collecting custom metrics is billed by AOM. For details, see Pricing Details. For details, see Monitoring Custom Metrics Using Cloud Native Cluster Monitoring.
Cloud Native Logging	(Optional) If selected, this add-on (Cloud Native Logging) will be automatically installed. Cloud Native Logging helps report logs to LTS. After the cluster is created, you are allowed to obtain and manage collection rules on the Logging page of the CCE cluster console. LTS does not charge you for creating log groups and offers a free quota for you to collect logs every month. You pay only for the log volume exceeding the quota. For details, see Price Calculator. For details, see Collecting Container Logs Using Cloud Native Logging.
CCE Node Problem Detector	(Optional) If selected, this add-on (CCE Node Problem Detector) will be automatically installed to detect faults and isolate nodes for prompt cluster troubleshooting.

Add-on Name

Description

Cloud Native Cluster Monitoring

(Optional) If selected, this add-on (Cloud Native Cluster Monitoring) will be automatically installed. Cloud Native Cluster Monitoring collects monitoring metrics for your cluster and reports the metrics to AOM. The agent mode does not support HPA based on custom Prometheus statements. If related functions are required, install this add-on manually after the cluster is created.

Collecting basic metrics is free of charge. Collecting custom metrics is billed by AOM. For details, see Pricing Details. For details, see Monitoring Custom Metrics Using Cloud Native Cluster Monitoring.

Cloud Native Logging

(Optional) If selected, this add-on (Cloud Native Logging) will be automatically installed. Cloud Native Logging helps report logs to LTS. After the cluster is created, you are allowed to obtain and manage collection rules on the Logging page of the CCE cluster console.

LTS does not charge you for creating log groups and offers a free quota for you to collect logs every month. You pay only for the log volume exceeding the quota. For details, see Price Calculator. For details, see Collecting Container Logs Using Cloud Native Logging.

CCE Node Problem Detector

(Optional) If selected, this add-on (CCE Node Problem Detector) will be automatically installed to detect faults and isolate nodes for prompt cluster troubleshooting.

Step 4: Configure Add-ons

Click Next: Add-on Configuration.

Basic capabilities

Add-on Name	Description
CCE Container Network (Yangtse CNI)	This add-on is unconfigurable.
CCE Container Storage (Everest)	This add-on is unconfigurable. After the cluster is created, choose Add-ons in the navigation pane of the cluster console and modify the configuration.
CoreDNS	This add-on is unconfigurable. After the cluster is created, choose Add-ons in the navigation pane of the cluster console and modify the configuration.
NodeLocal DNSCache	This add-on is unconfigurable. After the cluster is created, choose Add-ons in the navigation pane of the cluster console and modify the configuration.
Volcano Scheduler	This add-on is unconfigurable. After the cluster is created, choose Add-ons in the navigation pane of the cluster console and modify the configuration.
CCE Cloud Bursting Engine for CCI	After you specify the subnet for a CCI instance, the pods that are scheduled to CCI will consume the IP addresses within that subnet. Properly plan the CIDR blocks to prevent running out of available IP addresses. After workload pods are scheduled to CCI, they will be billed according to CCI billing requirements. For details, see Billed Items.

Observability

Add-on Name	Description
Cloud Native Cluster Monitoring	Select an AOM instance for Cloud Native Cluster Monitoring to report metrics. If no AOM instance is available, click Creating Instance to create one. Collecting basic metrics is free of charge. Collecting custom metrics is billed by AOM. For details, see Pricing Details. For details, see Monitoring Custom Metrics Using Cloud Native Cluster Monitoring.
Cloud Native Logging	Select the logs to be collected. If enabled, a log group named k8s-log-{clusterId} will be automatically created, and a log stream will be created for each selected log type. Container log: Standard output logs of containers are collected. The corresponding log stream is named in the format of stdout-{Cluster ID}. Kubernetes Events: Kubernetes logs are collected. The corresponding log stream is named in the format of event-{Cluster ID}. Kubernetes audit log: Audit logs of the master nodes are collected. The corresponding log stream is named in the format of audit-{Cluster ID}. Control Plane Logs: Logs of components like kube-apiserver, kube-controller-manage, and kube-scheduler that run on the master nodes are collected. The corresponding log streams are named in the format of kube-apiserver-{Cluster ID}, kube-controller-manage-{Cluster ID}, and kube-scheduler-{Cluster ID}, respectively. If log collection is disabled, choose Logging in the navigation pane of the cluster console after the cluster is created and enable this function. LTS does not charge you for creating log groups and offers a free quota for you to collect logs every month. You pay only for the log volume exceeding the quota. For details, see Price Calculator. For details, see Collecting Container Logs Using Cloud Native Logging.
CCE Node Problem Detector	This add-on is unconfigurable. After the cluster is created, choose Add-ons in the navigation pane of the cluster console and modify the configuration.

Add-on Name

Description

Cloud Native Cluster Monitoring

Select an AOM instance for Cloud Native Cluster Monitoring to report metrics. If no AOM instance is available, click Creating Instance to create one.

Collecting basic metrics is free of charge. Collecting custom metrics is billed by AOM. For details, see Pricing Details. For details, see Monitoring Custom Metrics Using Cloud Native Cluster Monitoring.

Cloud Native Logging

Select the logs to be collected. If enabled, a log group named k8s-log-{clusterId} will be automatically created, and a log stream will be created for each selected log type.

Container log: Standard output logs of containers are collected. The corresponding log stream is named in the format of stdout-{Cluster ID}.
Kubernetes Events: Kubernetes logs are collected. The corresponding log stream is named in the format of event-{Cluster ID}.
Kubernetes audit log: Audit logs of the master nodes are collected. The corresponding log stream is named in the format of audit-{Cluster ID}.
Control Plane Logs: Logs of components like kube-apiserver, kube-controller-manage, and kube-scheduler that run on the master nodes are collected. The corresponding log streams are named in the format of kube-apiserver-{Cluster ID}, kube-controller-manage-{Cluster ID}, and kube-scheduler-{Cluster ID}, respectively.

If log collection is disabled, choose Logging in the navigation pane of the cluster console after the cluster is created and enable this function.

LTS does not charge you for creating log groups and offers a free quota for you to collect logs every month. You pay only for the log volume exceeding the quota. For details, see Price Calculator. For details, see Collecting Container Logs Using Cloud Native Logging.

CCE Node Problem Detector

This add-on is unconfigurable. After the cluster is created, choose Add-ons in the navigation pane of the cluster console and modify the configuration.

Step 5: Confirm the Configuration

After the parameters are specified, click Next: Confirm configuration. The cluster resource list is displayed. Confirm the information and click Submit.

It takes about 5 to 10 minutes to create a cluster. You can click Back to Cluster List to perform other operations on the cluster or click Go to Cluster Events to view the cluster details.

Related Operations

After creating a cluster, you can use the Kubernetes command line (CLI) tool kubectl to connect to the cluster. For details, see Connecting to a Cluster Using kubectl.
Add nodes to the cluster. For details, see Creating a Node.
Create an IPv4/IPv6 dual-stack. For details, see Creating an IPv4/IPv6 Dual-Stack Cluster in CCE.
Connect to multiple clusters using kubectl. For details, see Connecting to Multiple Clusters Using kubectl.

Buying a CCE Standard/Turbo Cluster